Keith Daniels | March 08, 2018

One thing’s certain: BYOD looks set to continue with its exponential growth in popularity in 2018.

Research conducted by Markets and Markets predicts that the adoption rate of BYOD policies among North American businesses will reach 50% by the end of 2017. A 2017 study by Cisco is in a similar vein, finding that 69% of IT decision makers were in favour of BYOD. What’s more, according to Markets and Markets, the BYOD & Enterprise Mobility Market will be worth an eye-watering $73.30 Billion USD by 2021.

Once the preserve of office-based jobs, BYOD has begun to creep into industries as diverse as healthcare, education and manufacturing. BYOD is incredibly flexible by its nature, and, any workplace that uses devices such as laptops, smartphones or tablets could potentially benefit from its adoption.

Many industries, such as manufacturing, are realizing that if they want to attract the talent of today and tomorrow, their IT policies need to change to suit the tech-savvy outlook of millennials. As CIO put it, “If you hope to attract GenY technology professionals, your IT strategy better include a bring-your-own-device plan that plays to the strengths of this tech-dependent generation”.

BYOD is already a global phenomenon to some extent, being well established in the US and Europe, but 2018 could well be the year that it spreads beyond early-adopters in APAC and LATAM countries. The Asia-Pacific BYOD market is expected to expand to $66.84 billion by 2019, more than quadrupling in size from $13.54 billion in 2013. Meanwhile, in Latin America, the BYOD market is predicted to rise to $15.5 billion by 2019 - a growth of $11m since 2014. This rise in BYOD adoption is being driven by two things: multinationals extending their BYOD programmes to employees in emerging markets, and the proliferation, and growing demand for, connected technology for increasingly mobile workforces in Asia and Latin America.

BYOD policies have become a common fixture, particularly in larger organisations, and seem set to stay. Despite concerns about security breaches, governance issues, device management and a range of other possible complications, businesses’ perception seems to be that the benefits outweigh the potential issues. Indeed, a recent survey of BYOD trends revealed that adoption rates were at 36 percent at the beginning of 2017 and expected to rise to almost 50 percent by the start of 2018.

According to research, it is estimated that the average worker can save 81 minutes per week in productivity by using a personal device at work. Further, 78 percent of employees claim BYOD policies support an improved work-life balance. Adding the improved employee benefits to the company’s financial incentives, the same study reported the average employee on a BYOD plan saves the business around £1,000 every year in device and software maintenance costs. it’s easy to see why companies are keen to implement BYOD.

The current state of BYOD is a long way from perfect. However, new innovations in practice and technology are helping businesses to work towards a better way of working where employees can use their personal devices to boost productivity, minimize costs and minimize security risks. k

World-wide, corporate fraud has hit an all-time high and pushed fraud numbers up with it. For the first time on record, data theft has now surpassed the stealing of physical assets. A little under 30 percent of businesses reported they had suffered information theft, loss or attack in 2017. Around 40 percent of executives reported their companies suffered a virus or worm attack, while the second-most frequently cited attack was email-based phishing.

World-wide, corporate fraud has hit an all-time high and pushed fraud numbers up with it. For the first time on record, data theft has now surpassed the stealing of physical assets. A little under 30 percent of businesses reported they had suffered information theft, loss or attack in 2017. Around 40 percent of executives reported their companies suffered a virus or worm attack, while the second-most frequently cited attack was email-based phishing.

The news is consistent with a general trend that has been visible and growing since 2012, with 86 percent of firms worldwide reporting at least one cybercrime incident in the last 12 months, according to Kroll’s annual global fraud and risk survey.

Do you have employees who bring mobile phones to work and use those devices on the corporate network? Do they store company data on these “Bring Your Own Devices (BYOD)”?? Does your company have a policy in place for this?

First, the moment a person brings in their personal phone to work, there is a fusion of personal and business tasks that occur. And, equally as bad, company issued devices are used for personal use as much, if not more than the employees own devices. Not sure you believe this? Here are some stats:

73% of people admit to downloading personal apps to tablets they got from their company.

62% of people admit to downloading personal apps to mobile phones they got from their company.

45% of people admit to downloading personal apps to notebooks they got from their company.

The people who were most likely to do this were in the 25 to 38-year-old age group.

90% of people use their personal mobile devices to conduct business for work.

The program also needs to meet the needs of employees, not just IT personnel’s preferences. Otherwise, they may evade the cumbersome safeguards put in place to protect the company’s data to be more productive and streamline their own user experience.

“BYOD: an emerging market trend in more ways than one,” a study from Ovum, sponsored by Logicalis, shows that 79 percent of employees in high-growth markets believe the constant connectivity associated with BYOD enables them to do their jobs better. However, these benefits to the enterprise may come with higher risk, as 17.7 percent of survey respondents who bring their own devices to work claim that their employer’s IT department has no idea about this behavior, and 28.4 percent of IT departments actively ignore BYOD behavior.

Putting policies in place to manage BYOD risks is a global problem also, as shown in the Ovum study. Only 20.1 percent of companies surveyed had signed a policy governing BYOD behavior. U.S. companies are doing better than many in this field, but companies without BYOD strategies still outnumber those with signed policies.

According to the NIST report “Guidelines for Managing the Security of Mobile Devices in the Enterprise,” there are three common security objectives for mobile devices: confidentiality (ensuring that transmitted and stored data cannot be read by unauthorized parties), integrity (detecting intentional or unintentional changes to transmitted and stored data) and availability (ensuring that users can access resources using mobile devices whenever needed). BYOD programs support the latter, but the former two create hurdles to a successful BYOD program. https://www.securitymagazine.com/articles/87016-bring-your-own-risk-with-byod

As you can see, a lot of people are using their mobile devices on the job, and this could not only put your company data at risk, but also the data associated with your clients. Do you have a plan to minimize or even totally prevent how much sensitive company data is wide open to hackers?

Devices should have a hardware root of trust to protect the organization’s sensitive device, application and user private keys. Enterprises should have:

A sound registration and provisioning process for employee-owned devices before access to enterprise resources is allowed;

A mechanism for assessing the integrity of a device, especially detecting if the device has been compromised at the platform level, (e.g., rooted, jailbroken) which would defeat the built-in security protections that are provided by the platform manufacturers;

A capability to isolate and protect the enterprise applications and data from the rest of the device environment;

Enforcement of strong authentication mechanisms leveraging the hardware root of trust before the user can access enterprise applications and data from a personal device;

Protection of the confidentiality and integrity of communications between the mobile device and enterprise services;

The ability to know who, when, what, where and how the enterprise data and services are accessed; and

The ability to remotely wipe the protected environment for a lost device or potentially locate the lost device.

Solutions to Keep Sensitive Business Information Safe

Owners, managers and every employee should always consider their personal devices as equal to any business device. You do not want your proprietary and sensitive company information out there, and this information is often contained on your personal mobile or laptop device.

Here are some things that you can do to keep this information safe:

Firstly, you and your employees need to know the risks about email. More than 14.5 billion emails laced with malware were sent in 2017 according to the annual Global Security Report by AppRiver.

Give Your Staff Information About Phishing Scams

Phishing is a method that cybercriminals use to steal data from companies. Studies show that it is extremely easy for even the smartest employees to fall for these tricks. Here’s how they work: a staff member gets an email with a sense of urgency. Inside the email is a link. The body of the email encourages the reader to click the link. When they do, they are taken to a website that either installs a virus onto the network or tricks the employee into giving out important company information.

In 2017, AppRiver observed a 1,000 percent increase in phishing efforts, including those tailored to gather user email login credentials, followed by an unparalleled spike in malware attacks launched from the compromised email accounts of users across all services, including Office 365, Gmail, Yahoo and AOL.

Phishing has become the cyber attacker's go-to option for identifying vulnerability in the corporate network. Depending on the attacker's goal, it can be quick and easy or it could be part of a sophisticated attack.

Inform Your Staff that the Bad Guys Might Pose as Someone They Know

Even if you tell your staff about phishing, they can still get tricked into clicking an email link. How? Because the bad guys make these emails really convincing. Hackers do their research, and they are often skilled in the principles of influence and the psychology of persuasion. So, they can easily create fake emails that look like they come from your CEO or a vendor, someone your staff trusts. With this in mind, it might be best to create a policy where employees are no longer allowed to click email links. Pick up the phone to confirm that whatever an email is requesting, that the person who sent it is legitimate.

Teach Employees that Freebies aren’t Always Goodies

A lot of hackers use the promise of something free to get clicks. Make sure your staff knows to never click on an email link promising a freebie of any kind.

Don’t Buy Apps from Third-Party Sources

Apps are quite popular, and there are many that can help to boost productivity in a business setting. However, Apple devices that are “jailbroken” or Android devices that are “rooted” are outside of the walled garden of their respective stores and susceptible to malicious viruses. Make sure your employees know that they should never buy an app from a third-party source. Only use the official Apple App Store or the Google Play Store.

Always Protect Devices

It’s also important that you advise your employees to keep their devices protected with a password. These devices are easy to steal since they are so small. If there is no password, there is nothing stopping a bad guy from getting into them and accessing all of the accounts that are currently logged into the device.

Install a Wipe Function on All Mobile Devices Used for Business

You should also require all employees to have a “wipe” function on their phones. Even if they are only doing something simple, like checking their work email on their personal mobile device, it could get into the wrong hands. With the “wipe” function, the entire phone can be cleared remotely. You should also require employees to use the setting that erases the phone after a set number of password attempts.

Require that All Mobile Devices on the Company Network Use Anti-Virus Software

It’s also important, especially in the case of Android devices, that all mobile devices on the network have some type of anti-virus software.

Do Not Allow Any Jailbroken Devices on Your Company’s Network

Jailbroken devices are much more vulnerable to viruses and other malware. So, never allow an employee with a jailbroken phone to connect to your network.

All Employees Should Activate Update Alerts

One of the easiest ways to keep mobile devices safe is to keep them updated. So, make sure that all employees have update alerts enabled, and make sure that they are updating their devices when prompted or automatically.

Teach Employees About the Dangers of Public Wi-Fi

Finally, make sure your staff knows the dangers of using public Wi-Fi. Public Wi-Fi connections are not secure, so when connected, your devices are pretty open. That means, if you are doing things that are sensitive, such as logging into company accounting records, a hacker can easily follow. Instead, urge employees to use a VPN. These services are inexpensive and they encrypt data so hackers can’t access it.

If an enterprise neglects to put proper mobile security policies in place, what sort of risks do they run? Can you give me an example of a likely scenario?

Sensitive enterprise data, such as personally identifiable information and proprietary intellectual property, could be stored or transmitted without adequate protection, allowing the data to be leaked to third parties.

Compromised devices and user credentials could be used as an entry point into an enterprise network or a pivot point within an enterprise as part of a larger attack seeking access to high-value enterprise assets.

A device that is compromised and taken over by the attacker could be used to impersonate the user, get the user’s personal information, take over the user’s accounts via password reset mechanisms, monitor user activities on the device including location/voice/video, change critical data such as a bank account number during a financial transaction, attack other devices, destroy the personal data on the device such as photos/videos/address books, exhaust resources such as battery, or render the device and associated data unusable.

ELECTRONIC CHAT

The Email Chat is a regular feature of the ITA Pro magazine and website. We send a series of questions to an insurance IT leader in search of thought-provoking responses on important issues facing the insurance industry.

Bill Sinn

ITA LIVE 2019

The tide is up! It's time to register for ITA LIVE 2019, our annual educational and networking conference! Our theme is "The InsurTech Revolution: Cutting Through the Hype." and we'll be bringing in a torrent of industry thought leaders, amazing insight and wonderful perspectives on the world of insurtech and
its impact on the insurance landscape.

ITA LIVE 2019 will present real-life examples of true startup technologies that are
helping insurers gain real advantage -- and a competitive edge --
in the marketplace. We’ll highlight the more successful InsurTech
partnerships, while offering case studies that demonstrate exciting
innovation and cutting-edge techniques impacting
all aspects of the insurance ecosystem.

Ride the wave to LIVE 2019. Sign up today!
We look forward to seeing you in May, 2019!